According to reports, Cross-chain asset bridge ChainSwap was hacked, and the hacker made off with roughly $8 million. Several ChainSwap-affiliated projects have also been impacted.
Details Of The Hack
Hackers targeted and compromised the ChainSwap smart contracts on Saturday, July 10th, at 4 p.m. EST, stealing tokens from more than 20 ChainSwap projects. Dafi, Option Room, Razor, Oro, Antimatter, Umbrella Room, and several other projects were impacted by the hack.
By depleting the liquidity pools of many projects, the hackers were able to generate a profit of almost $2.3 million from the attack.
Reaction Of ChainSwap To The Hack
On its part, ChainSwap has issued a series of announcements on Twitter to reassure users and projects on its network. ChainSwap’s team has gone into action to minimise the damage caused by the hacking.
Users have also been told by ChainSwap that just the smart contracts have been harmed and that their wallet funds are safe. In an attempt to filter out the hacker’s addresses, the team has frozen the BSC mapping token addresses.
ChainSwap has also temporarily halted liquidity while it investigates the attack, advising customers not to purchase the $ASAP token until the investigation is complete.
This recent hack follows a previous attack on ChainSwap on July 2nd, which resulted in an $800,000 loss for the company.
Chainflip is also putting together a compensation plan for the tokens that have been affected. The team has also taken pre-hack snapshots of token holders and liquidity providers and will airdrop 1:1 new $ASAP tokens while re-adding liquidity. This will cover holders of $ASAP tokens on exchanges.
As of right now, several ChainSwap bridge projects that have been impacted by the attack have issued statements on Twitter. Several of the projects have also stated that they will be issuing new tokens.
MyDeFiPet came to Twitter to claim that DPET tokens had been taken from the team’s Uniswap liquidity pool. It also noted that holders of BEP20 and KRC20 DPET tokens are unaffected by the attack.
Users were assured that their monies were safe and that the initiative had taken a snapshot of all Ethereum activity for refund.
OptionRoom has opted to pull all liquidity for the time being, according to a tweet. The hacker also took 2,314,640 $ROOM tokens worth $550,000 from cross-chain contracts, according to the report.
The project later announced on Twitter that the hacker was able to take 2.3 million $ROOM tokens on Ethereum and 10 million $ROOM tokens on the Binance Smart Chain.
The OptionRoom team was also able to withhold liquidity from Uniswap and Pancakeswap, shielding token holders and liquidity providers from the hacker if he sold into liquidity pools, according to the report.
OptionRoom was able to recoup $342,117 from the deployer by selling tokens to the Uniswap pool. Following an assessment of the liquidity providers’ portion, the team intends to disperse the recovered funds among them.
The company is also looking into the Ethereum and BSC logs to see what each $ROOM holder had when the hack happened, so they can airdrop the fresh tokens to them.
UniFarm responded to the developments on Twitter, noting that they were in constant contact with the ChainSwap team. UniFarm has taken all Uniswap and PancakeSwap liquidity offline and has asked their community to do the same until the problem is fixed.
KwikSwap indicated that they had disabled its markets since the attack had impacted their BEP-20 tokens and that they were examining the problem with ChainSwap. KwikSwap intended to reopen its token market, but discovered that all of the compromised KWIK tokens had been sold on Uniswap.
Nord Finance indicated that the ChainSwap hack had harmed the project and that they were working closely with the ChainSwap team to analyze the situation and plan the next line of action, which they will share with the community as soon as possible.
After it was found that $WILD tokens had also been hijacked, Wilder World advised users to postpone buying and selling across exchanges until further notice.
A Few Details About The Hacker
Several Twitter posts have given information on the hacker’s background. The hacker’s address is 0xEda5066780dE29D00dfb54581A707ef6F52D8113, according to the posts.
According to data from Etherscan and BSCscan, there are still tokens worth thousands of dollars that have not been sold. This is because project developers took prompt action and locked the assets, making it nearly hard for the hacker to sell them.
The ChainSwap bridge has been temporarily closed for the time being.